Export limit exceeded: 359923 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359923 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-0243 | 1 Ibm | 1 Lotus Domino | 2026-04-23 | N/A |
| Unspecified vulnerability in Lotus Domino 7.0.2 before Fix Pack 3 allows attackers to cause a denial of service via unknown vectors. | ||||
| CVE-2008-0244 | 1 Sap | 1 Maxdb | 2026-04-23 | N/A |
| SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe. | ||||
| CVE-2008-2890 | 1 Offl | 1 Online Fantasy Football League | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Online Fantasy Football League (OFFL) 0.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fflteam_id parameter to teams.php, the (2) league_id parameter to leagues.php, and the (3) player_id parameter to players.php. | ||||
| CVE-2008-3678 | 1 Damian Hickey | 1 Freeway | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/search_links.php in Freeway before 1.4.2.197 allows remote attackers to inject arbitrary web script or HTML via the URL. | ||||
| CVE-2008-0245 | 1 Uploadscript | 2 Uploadimage, Uploadscript | 2026-04-23 | N/A |
| admin.php in UploadImage 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action. | ||||
| CVE-2008-0246 | 1 Uploadscript | 2 Uploadimage, Uploadscript | 2026-04-23 | N/A |
| admin.php in UploadScript 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action. | ||||
| CVE-2008-0247 | 1 Ibm | 1 Tivoli Storage Manager Express | 2026-04-23 | N/A |
| Heap-based buffer overflow in the Express Backup Server service (dsmsvc.exe) in IBM Tivoli Storage Manager (TSM) Express 5.3 before 5.3.7.3 allows remote attackers to execute arbitrary code via a packet with a large length value. | ||||
| CVE-2008-0249 | 1 Phpwebquest | 1 Phpwebquest | 2026-04-23 | N/A |
| PHP Webquest 2.6 allows remote attackers to retrieve database credentials via a direct request to admin/backup_phpwebquest.php, which leaks the credentials in an error message if a call to /usr/bin/mysqldump fails. NOTE: this might only be an issue in limited environments. | ||||
| CVE-2008-0252 | 1 Cherrypy | 1 Cherrypy | 2026-04-23 | N/A |
| Directory traversal vulnerability in the _get_file_path function in (1) lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write portions of arbitrary files, via a crafted session id in a cookie. | ||||
| CVE-2008-0254 | 1 Wavelink Media | 1 Tutorialcms | 2026-04-23 | N/A |
| SQL injection vulnerability in activate.php in TutorialCMS (aka Photoshop Tutorials) 1.02, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the userName parameter. | ||||
| CVE-2008-0258 | 1 Php Running Management | 1 Phprunman | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in PHP Running Management (phpRunMan) before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the message parameter. | ||||
| CVE-2008-2892 | 2 Feellove, Joomla | 2 Exp Shop Component, Com Expshop | 2026-04-23 | N/A |
| SQL injection vulnerability in the EXP Shop (com_expshop) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show_payment action to index.php. | ||||
| CVE-2008-0260 | 1 Minimal Design | 1 Minimal Gallery | 2026-04-23 | N/A |
| minimal Gallery 0.8 allows remote attackers to obtain configuration information via a direct request to php_info.php, which calls the phpinfo function. | ||||
| CVE-2008-2893 | 1 Ajhyip | 1 Aj Square Aj-hyip | 2026-04-23 | N/A |
| SQL injection vulnerability in news.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-2532. | ||||
| CVE-2008-0261 | 1 Mambo | 1 Mambo Open Source | 2026-04-23 | N/A |
| Unspecified vulnerability in the search component and module in Mambo 4.5.x and 4.6.x allows remote attackers to cause a denial of service (query flood) via unspecified vectors. | ||||
| CVE-2008-0262 | 1 Agares Media | 1 Phpautovideo | 2026-04-23 | N/A |
| SQL injection vulnerability in includes/articleblock.php in Agares PhpAutoVideo 2.21 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter. | ||||
| CVE-2008-0263 | 1 Ingate | 2 Firewall, Ingate Siparator | 2026-04-23 | N/A |
| The SIP module in Ingate Firewall before 4.6.1 and SIParator before 4.6.1 does not reuse SIP media ports in unspecified call hold and send-only stream scenarios, which allows remote attackers to cause a denial of service (port exhaustion) via unspecified vectors. | ||||
| CVE-2008-2895 | 1 Aprox | 1 Aproxengine | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in AproxEngine 5.1.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. | ||||
| CVE-2008-0264 | 1 Drupal | 1 Meta Tags Module | 2026-04-23 | N/A |
| Unspecified vulnerability in the Meta Tags (aka Nodewords) 5.x-1.6 module for Drupal, when images are permitted in node bodies, allows remote authenticated users to execute arbitrary code via unspecified vectors involving creation of a node. | ||||
| CVE-2008-2897 | 1 Pagesquid | 1 Pagesquid Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in PageSquid CMS 0.3 Beta allows remote attackers to execute arbitrary SQL commands via the page parameter. | ||||